Corporate reliance on technology has increasingly become more complex and pervasive. The latest advances in information technology have resulted in computer applications that are much faster and more efficient. However, the proliferation of different computer systems and applications that use different communications protocols, security mechanisms, languages, data structures and platforms has also made the information technology infrastructure of the typical business enterprise more complex. Different business processes within a typical corporate enterprise may use different computer applications or networks. In such a scenario, each computer application or network is secured and optimized for a particular business process, rather than for the enterprise as a whole. For example, a bank may have one computer application for securely accepting new customer account information and another to verify the credit worthiness of customers using sensitive data such as their social security numbers. Accordingly, the credit verification computer application may implement a more stringent data security standard than the computer application accepting new customer account information. In such a situation, source computer applications have to employ a compatible encryption standard, or authentication mechanism such as, for example, the OASIS Web Services Security (WSS) WS-Security v1.1 standard, to secure messages before sending them to the target credit verification computer application.
In other situations a source computer application or network within a corporate enterprise, for example, a bank, may need to share confidential customer information with external networks of partners or other organizations. As a result, in addition to the risk of data loss or corruption and exposure of confidential internal business transactions, there is a risk of exposing sensitive customer data to third parties. Thus a need exists for an intermediary transformation service to assign appropriate security controls to messages from source computer applications or networks prior to their transmission over a communications network.